USC CSci599 Trusted Computing Lecture notes Spring 2007

1. USC CSci599Trusted ComputingLecture notesSpring 2007 Dr. Clifford Neuman University of Southern California Information Sciences Institute

2. Administration • Class home page http://ccss.usc.edu/599tc • Preliminary Syllabus • Assigned Readings • Lecture notes • Assignments • See me for D Clearance

3. Administration • Class e-mail: csci599s07@clifford.neuman.name • Instructor • Dr. Clifford Neuman • Office hours Friday 10:45-11:45 SAL 212

4. USC CSci599Trusted ComputingLecture Two – Trusted HardwareJanuary 19, 2007 - PRELIMINARY Dr. Clifford Neuman University of Southern California Information Sciences Institute

5. NOTE • These are place holders for the topics we will discuss today. • There will be more slides by lecture.

6. The Hardware Basis • Trusted computing is proof by induction • Each attestation stage says something about the next level • Just like PKI Certification hierarchy • One needs a basis step • On which one relies • Hardware is that step • (well, second step anyway)

7. Hardware Topics • Trusted Platform Module • Discussion of Secure Storage • Boot process

8. Trusted Platform Module • Basically a Key Storage and Generation Device • Capabilities: • Generation of new keys • Storage and management of keys • Uses keys without releasing

9. Endorsement Key • Every TPM has unique Endorsement key • Semi-root of trust for system • Generated and installed during manufacture • Issues • Real root is CA that signs public key associated with Endorsement key

10. Identity Key • Key associated with certificate from a CA attesting to identity of the TPM and version / security attributes. (I’m not sure of the relationship with the EK)

11. Storage Root Key • Root of Key Hierarchy for managing keys related to TPM (except EK) • Root key never leaves TPM • Can be changed to reinitialize ownership.

12. Storage Keys • Can protect data • Can protect other keys • Some storage keys may be migrated.

13. Binding Key • Private key to decrypt data perhaps encrypted by others using a public key

14. Using Encryption • LoadKey • Generated or imported • Sign • Signs Data Presented to TPM • Unbind • Decrypt data from elsewhere in a public key

15. Using Encryption • Seal/Unseal • Encrypt and subsequent decrypt • This TPM Only • PCRs must be correct • Platform Configuration Register (PCR) • 20 by storage inside TPM is digest of accumulated data. • Contains information about the programs and other state of the processor.

16. Using Encryption • Extend • Add data to a PCR • 20 byte hash hashed into current PCR • As each module loaded its hash extends the PCR • Quote • Sign current value of PCR

17. Using Encryption • CreateWrapKey • Creates and encrypts for transfer a new RSA key • MakeIdentity • Creates an Attestation Identity key for a user • TakeOwnership • Reinitialize TPM, and erases old keys

18. Using Encryption • Other Functions • OIAP/OSAP • GetCapability • GetRandom

19. How to Use it For Atestation • As modules loaded, their hashes extend the PCR. • When attestation needed, remote entity can ask the TPM to sign PCR.

20. Peripheral Authenication • TPM’s can be embedded in peripherals too, so a system knows it is dealing with an authentic biometric scanner or other kinds of devices.

21. Exercise - Secure Storage • Full Disk Encryption • Key in register in disk • Or key in TPM and data encrypted/decrypted by TPM • Seagate Drive uses register in Disk • Key must be loaded • User prompt at BIOS • Or managed by TPM • But OS image maybe on disk, how to get

22. The Boot Process • Work and example using the functions described already.